> From: Michael S. Tsirkin <m...@redhat.com>
> Sent: Wednesday, February 8, 2023 9:09 AM
>
> > > header: it allows users inside the tunnel control queueing outside.
> > > By observing packet loss some information leaks between tunnels.
> > >
> > I likely didn't understand. Can you please explain?
> >
> > Queuing is always done on the inner header with/without encapsulation.
> > Hash is always reported for inner header.
> > It is only adding the ability to hash even when outer header exists.
>
>
> If hashing just on outer header (currently the only option) then a given tunnel
> all lands in a given queue.
> Just keep that queue separate and users of this tunnel can not learn whether
> other queues are overflowing, and can not overflow other queues.
>
>
> If you hash inner header then user can flood device with packets of a given
> connection and the same connection in a different tunnel hashes to the same
> queue. Now one tunnel can
> - cause DoS for another tunnel
> - cause packet loss or latency triggering possible security bugs within guest
> - detect that another tunnel is using the connection by
>   detecting its own packet loss or increased latency
>

Yes. It can lead to above issues.
Steering on inner is on best effort based sw implementations running on top of net device.
To avoid above issues, a hierarchical model is needed. I am not aware of any.
To my knowledge, usually those who care for above issues end up using a different net device for each VNI and achieve the desired hierarchy.

> > If queuing to be decided based on outer header (hash), then that is
> > different.
> > Hashing both inner and outer in a flat q structure unlikely works, right?
> > Because both hashes can result in different q selection.
>
>
> That's the point.
>
> Is there any precedent in OSes for configuring things like this that we can look
> at?
>

ethtool -N (not yet part of virtio) is the closest match that can steer based on inner and outer both, but it is not hierarchical, and it is orthogonal to this feature.

> > >
> > > Ideas for solving this they all involve hashing both inner and outer
> > > header:
> > > 1- report two sets of hashes. overkill?
> > > 2- hash both headers together
> > > 2- add salt. can come from driver or device itself
> > >
> > > More ideas?
> > >
> > > --
> > > MST
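
The cross-tunnel collision discussed in this thread, and the "hash both headers together" idea, as an added example that is not part of the original message or of the virtio specification. It uses a Toeplitz hash over a constructed flow. Assumptions: the 24-bit VNI stands in for the outer header, the key is a sample value, there are 8 flat queues, and all function names are hypothetical.

```python
import ipaddress
import struct

# Sample 40-byte RSS key, used here only for illustration (assumption).
KEY = bytes.fromhex(
    "6d5a56da255b0ec24167253d43a38fb0d0ca2bcbae7b30b4"
    "77cb2da38030f20c6a42b73bbeac01fa"
)
NUM_QUEUES = 8  # assumed flat queue set shared by all tunnels


def toeplitz(data: bytes, key: bytes = KEY) -> int:
    """32-bit Toeplitz hash: XOR the 32-bit key window at every set input bit."""
    if len(key) < len(data) + 4:
        raise ValueError("key too short for input")
    k = int.from_bytes(key, "big")
    key_bits = len(key) * 8
    h = 0
    for bit in range(len(data) * 8):
        if data[bit // 8] & (0x80 >> (bit % 8)):
            h ^= (k >> (key_bits - 32 - bit)) & 0xFFFFFFFF
    return h


def inner_tuple(src: str, dst: str, sport: int, dport: int) -> bytes:
    """Inner IPv4 4-tuple: source, destination, source port, destination port."""
    return (ipaddress.IPv4Address(src).packed
            + ipaddress.IPv4Address(dst).packed
            + struct.pack("!HH", sport, dport))


def queue_inner_only(vni: int, inner: bytes) -> int:
    """Inner-header hashing: the tunnel id never enters the hash."""
    return toeplitz(inner) % NUM_QUEUES


def queue_tunnel_and_inner(vni: int, inner: bytes) -> int:
    """Assumed input layout: 24-bit VNI prepended to the inner tuple."""
    return toeplitz(vni.to_bytes(3, "big") + inner) % NUM_QUEUES


if __name__ == "__main__":
    conn = inner_tuple("10.0.0.1", "10.0.0.2", 40000, 443)  # constructed flow
    for vni in (100, 101):  # constructed tunnel ids
        print(vni, queue_inner_only(vni, conn), queue_tunnel_and_inner(vni, conn))
```

Mixing in the tunnel id removes only the deterministic collision for the same inner connection. Tunnels still share one flat queue set, which is the hierarchy concern raised in the reply.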